128technology · Chr1st0ph3rTurn3r · May 10, 2024 · May 10, 2024 · May 10, 2024 · May 13, 2024
@@ -7,11 +7,11 @@ For compliance, the following configuration considerations must be made:
 
 - FIPS mode must be enabled **during installation**. Use of anything other than FIPS mode is not compliant with Common Criteria certification.
 - **Except during installation**, all configuration procedures must be performed from the CLI; use of the GUI is not part of the approved use case. Configuring the router OTP Quickstart file from the Conductor GUI **is acceptable under the Common Criteria guidelines**.
-- When installing a router, the [IPv4 Option Filter](cc_fips_sec_firewall_filtering.md#ipv4-option-filtering) must be set to `drop-all`.
-- When installing a router, the [ICMP Session Match](cc_fips_sec_firewall_filtering.md#icmp-type-as-a-session-attribute) must be set to `identifier-and-type`.
-- Configure the [TCP Half-Open Connections Limit](cc_fips_sec_firewall_filtering.md#tcp-half-open-connection-limit) for firewall.
-- The `password-policy` must define the minimum password length and maximum number of permitted login attempts per user. Please refer to [Username and Password Policies](cc_fips_config_password_policies.md) for policies, and to [`configure authority password-policy`](https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_command_guide#configure-authority-password-policy) for CLI commands and context for assigning these values.
-- The `admin` account must be given `sudo` privileges allowing it to use the shell for some management capabilities. Edit the `/etc/sudoers` file as `root` using the `visudo` command. This allows you to add an entry for `admin` which will persist across reboots. For additional information, please see [Root Access](cc_fips_access_mgmt.md#root-access) in the Access Management section.
+- When installing a router, the [IPv4 Option Filter](cc_fips_6.2.5_sec_firewall_filtering.md#ipv4-option-filtering) must be set to `drop-all`.
+- When installing a router, the [ICMP Session Match](cc_fips_6.2.5_sec_firewall_filtering.md#icmp-type-as-a-session-attribute) must be set to `identifier-and-type`.
+- Configure the [TCP Half-Open Connections Limit](cc_fips_6.2.5_sec_firewall_filtering.md#tcp-half-open-connection-limit) for firewall.
+- The `password-policy` must define the minimum password length and maximum number of permitted login attempts per user. Please refer to [Username and Password Policies](cc_fips_6.2.5_config_password_policies.md) for policies, and to [`configure authority password-policy`](https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_command_guide#configure-authority-password-policy) for CLI commands and context for assigning these values.
+- The `admin` account must be given `sudo` privileges allowing it to use the shell for some management capabilities. Edit the `/etc/sudoers` file as `root` using the `visudo` command. This allows you to add an entry for `admin` which will persist across reboots. For additional information, please see [Root Access](cc_fips_6.2.5_access_mgmt.md#root-access) in the Access Management section.
 - Traffic logging must be enabled by setting the following command to `true`: `configure authority router router system audit traffic enabled true`. This is a resource intensive setting. Not more than a few sessions are expected to run while collecting traffic events.
 
 - Any services that are used to enforce evaluated firewall functionality must have a service-policy attached that applies strict transport state enforcement:

@@ -11,7 +11,7 @@ The Conductor installation must be completed before installing a Session Smart R
 
 ## Prerequisites
 
-- Installation is performed on a compliant platform; see [Compliant SSR Hardware](cc_fips_compliance_guidelines.md#compliant-ssr-hardware). 
+- Installation is performed on a compliant platform; see [Compliant SSR Hardware](cc_fips_6.2.5_compliance_guidelines.md#compliant-ssr-hardware). 
 - Verify that the boot priority of the USB drive is properly listed in the system BIOS.
 - Ensure local console connectivity to the device. 
 - **Logging in as `root` over SSH is not permitted.** When a system is installed using the OTP ISO, a `t128` user is configured with `sudo` privileges. 
@@ -184,7 +184,7 @@ Conductor High Availability for Cloud Deployments is not supported under Common
     - At least 1 number 
   - Cannot contain the username in any form 
   - Cannot repeat characters more than 3 times 
-  This operation is only performed on the standalone or first node in the HA peer, and the password must be entered twice. For supporting password information, see [Username and Password Policies](cc_fips_config_password_policies.md).
+  This operation is only performed on the standalone or first node in the HA peer, and the password must be entered twice. For supporting password information, see [Username and Password Policies](cc_fips_6.2.5_config_password_policies.md).
   :::note
   Resetting a password requires entering the old password. If a password is lost or forgotten and the account is inaccessible, the account cannot be recovered. Please keep password records accessible and secure. 
   :::
@@ -370,13 +370,13 @@ Creating router configurations on the conductor allows individual routers to dow
 
 A sample branch router configuration is available as a [**template**](https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_templates#default-templates) on the conductor. This is a great place to start the configuration process. Additionally, you can create configuration templates that allow administrators to automate the configuration of top-level resources. For more information, see [Configuration Templates](https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_templates). 
 
-To see an example router configuration, refer to the [Appendix](cc_fips_appendix.md).
+To see an example router configuration, refer to the [Appendix](cc_fips_6.2.5_appendix.md).
 
 After completing the router configuration on the conductor, please return to this guide to continue the Common Criteria compliant router installation.
 
-If you will be using the OTP Quickstart router installation process, proceed to the [OTP Router Install Process](cc_fips_otp_router_install.md) next, and then use the [QuickStart From the OTP ISO](cc_fips_install_quickstart_otpiso.md) steps to generate a basic configuration and quickstart file for router installation. 
+If you will be using the OTP Quickstart router installation process, proceed to the [OTP Router Install Process](cc_fips_6.2.5_otp_router_install.md) next, and then use the [QuickStart From the OTP ISO](cc_fips_6.2.5_install_quickstart_otpiso.md) steps to generate a basic configuration and quickstart file for router installation. 
 
 When configuring and installing a router in an environment operating under the Common Criteria guidelines, it is acceptable to provision this file using the GUI. Other uses of the SSR GUI are not supported under the Common Criteria guidelines.
 
-If you choose to install routers using the Interactive Installation, continue with [Router Interactive Installation](cc_fips_router_install.md).
+If you choose to install routers using the Interactive Installation, continue with [Router Interactive Installation](cc_fips_6.2.5_router_install.md).
 
@@ -35,4 +35,4 @@ authority
         exit
     exit
 exit
-```                 
+```                 
@@ -28,10 +28,10 @@ Access to the SSR Software packages available for download from our software rep
 
 Installation is done from the SSR ISO, typically from a bootable image on a flash drive or disk. 
 The install process is as follows:
-- [Download the OTP ISO](cc_fips_downloading_iso.md)
+- [Download the OTP ISO](cc_fips_6.2.5_downloading_iso.md)
 - [Create Bootable Media](https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/intro_creating_bootable_usb)
-- [Install a Conductor](cc_fips_conductor_install.md)
+- [Install a Conductor](cc_fips_6.2.5_conductor_install.md)
 - [Create the Router configuration with the Conductor](https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/intro_basic_router_config) or [Import a Configuration](https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/single_conductor_config)
-- [Install the Router](cc_fips_router_install.md) 
+- [Install the Router](cc_fips_6.2.5_router_install.md)
-Original file line number
+Diff line change
@@ Expand Up / @@ -35,4 +35,4 @@ authority @@
             exit
         exit
     exit
-    ```
+    ```